agent-bom-compliance

AI compliance and policy engine — evaluate scan results against OWASP, NIST, SOC 2, ISO 27001, CMMC, EU AI Act, AISVS v1.0, and related frameworks. Generate SBOMs and compliance reports. Use when: "compliance report", "NIST", "SOC 2", "ISO 27001", "OWASP", "EU AI Act", "AISVS", "generate SBOM", "policy check".

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "agent-bom-compliance" with this command: npx skills add msaad00/agent-bom-compliance

agent-bom-compliance — AI Compliance & Policy Engine

Evaluate AI infrastructure scan results against 14 security and regulatory frameworks. Enforce policy-as-code rules. Generate SBOMs in standard formats. Run AISVS v1.0 and CIS benchmark checks.

Install

pipx install agent-bom
agent-bom agents --compliance --compliance-export nist-ai-rmf
agent-bom agents -f cyclonedx -o sbom.json

When to Use

  • "compliance report" / "run compliance"
  • "NIST" / "NIST AI RMF" / "NIST CSF" / "NIST 800-53"
  • "SOC 2" / "SOC2"
  • "ISO 27001"
  • "OWASP" / "OWASP LLM Top 10" / "OWASP Agentic Top 10"
  • "EU AI Act"
  • "AISVS" / "AI Security Verification Standard"
  • "CMMC" / "FedRAMP"
  • "generate SBOM" / "CycloneDX" / "SPDX"
  • "policy check" / "policy enforcement"

Tools (5)

ToolDescription
complianceOWASP LLM/Agentic Top 10, EU AI Act, MITRE ATLAS, NIST AI RMF
policy_checkEvaluate results against custom security policy (17 conditions)
cis_benchmarkRun CIS benchmark checks against cloud accounts
generate_sbomGenerate SBOM (CycloneDX or SPDX format)
aisvs_benchmarkOWASP AISVS v1.0 compliance — 9 AI security checks

Supported Frameworks (14)

  • OWASP LLM Top 10 (2025) — prompt injection, supply chain, data leakage
  • OWASP MCP Top 10 — MCP-specific security risks
  • OWASP Agentic Top 10 — tool poisoning, rug pulls, credential theft
  • OWASP AISVS v1.0 — AI Security Verification Standard (9 checks)
  • MITRE ATLAS — adversarial ML threat framework
  • NIST AI RMF — govern, map, measure, manage lifecycle
  • NIST CSF 2.0 — identify, protect, detect, respond, recover
  • NIST 800-53 Rev 5 — federal security controls (CM-8, RA-5, SI-2, SR-3)
  • FedRAMP Moderate — derived from NIST 800-53 controls
  • EU AI Act — risk classification, transparency, SBOM requirements
  • ISO 27001:2022 — information security controls (Annex A)
  • SOC 2 — Trust Services Criteria
  • CIS Controls v8 — implementation groups IG1/IG2/IG3
  • CMMC 2.0 — cybersecurity maturity model (Level 1-3)

Examples

# Run compliance check against multiple frameworks
compliance(frameworks=["owasp_llm", "eu_ai_act", "nist_ai_rmf"])

# Enforce custom policy
policy_check(policy={"max_critical": 0, "max_high": 5})

# Generate SBOM
generate_sbom(format="cyclonedx")

# Run AISVS v1.0 compliance
aisvs_benchmark()

# Run AWS CIS benchmark
cis_benchmark(provider="aws")

Privacy & Data Handling

OWASP, NIST, EU AI Act, MITRE ATLAS, AISVS, SBOM generation, and policy checks run entirely locally on scan data already in memory. No network calls, no credentials needed for these features.

CIS benchmark checks (optional, user-initiated) call cloud provider APIs using your locally configured credentials. These are read-only API calls to AWS, Azure, GCP, or Snowflake. You must explicitly run cis_benchmark(provider=...) and confirm before any cloud API calls are made.

Verification

  • Source: github.com/msaad00/agent-bom (Apache-2.0)
  • 7,100+ tests with CodeQL + OpenSSF Scorecard
  • No telemetry: Zero tracking, zero analytics

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

Skill Polisher

Polishes standalone skills and multi-skill bundles for ClawHub readability without sacrificing LLM effectiveness. Use when improving a skill's listing, makin...

Registry SourceRecently Updated
113099rebels
General

OpenClaw Hi Install

Install or repair Hirey Hi on a local OpenClaw host through the official ClawHub package path, then complete the local MCP, receiver, registration, and healt...

Registry SourceRecently Updated
5630yzlee
General

Reducto

Reducto document processing API integration with managed API key authentication. Parse, extract, split, and edit documents. Use this skill when users want to...

Registry SourceRecently Updated
3490byungkyu
General

Resend

Resend API integration with managed authentication. Send transactional emails, manage domains, contacts, templates, and broadcasts. Use this skill when users...

Registry SourceRecently Updated
2550byungkyu